Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
We were looking for an authentication setup to allow for SSO and one of the front runners was Twilio. They have a meeting with us next week and I am not looking forward to this second hand embarrassment.
Oh man this is going to suck.
We were looking for an authentication setup to allow for SSO and one of the front runners was Twilio. They have a meeting with us next week and I am not looking forward to this second hand embarrassment.